Security Tools List
by Bernd Eckenfels, 2002-01-18

This is a list of security tools.

Free (Open Source) Tools

  1. Packet Generators
    • [ftp] ipsend - generates TCP/IP packets with a scripting language ([mail] Darren Reed)
    • [html] SPAK Module generates TCP/IP packets by a shell pipe (IP, TCP, UDP) ([html] Karyl F. Stein)
    • [html ???] TOD - Touch of Death. Is able to kill connections, if used with sniffit ([mail] Brecht Claerhout)
    • [html] udpprobe Send and receive UDP Packets
    • [tgz] arping in ip-utils by Alexey Kuznetsov can send arp-pings, unsolicited and gratuitous ARP; it can also detect IP address collisions
    • [html] nidsbench Anzen Computing is pleased to announce the initial release of nidsbench, a network intrusion detection system test suite. (OpenBSD, FreeBSD, BSD/OS, Linux, Solaris)
    • [html] Libnet is an API to help with the construction and handling of network packets. It provides a portable framework for low-level network packet writing and handling (use libnet in conjunction with libpcap and you can write some really cool stuff).
    • [html] Net::Rawip module for perl to support sending of Raw IP Data
    • [ftp] PyPcap Python lib high level Raw IP API
    • [html] SendIP Project Purple's Command Line IP Packet Sender (large amount of options) (Mike Ricketts)
    • [html] nemesis nemesis is a command-line UNIX network packet injection suite based on libnet.
    • [html] rain rain is powerful tool for testing stability of hardware and software utilizing IP protocols. It offers its users the capability of creating their own packets with a wide variety of command line options.
    • [html] tcpreplay Suite of tools to edit and replay traffic captured in PCAP format (Aaron Turner)
    • Resource: see Raw IP Networking FAQ
  2. Traffic Generators
    • [html] Traffic Generators for Linux Arni's summary on Traffic Generating Tools for Linux (ttcp, tg, netspec)
    • nidsbench includes a TCP load generator, too
  3. Network Scanning and Diag
    • [html] nmap good Port scanning tool which supports all well-known methods. On the nmap Page is a link list of other scanning tools, too.
    • [dir] netdiag Collection of Diagnosis Tools: strobe, tcpspray, trafshow, statnet, netwatch, tcpblast and netload. Source can be found on all Debian Mirrors in source/net/netdiag*.tar.gz
    • [html] netcat from Hobbit - Swiss Army Knife for TCP and UDP (like socket). Simple Port Scanner, simple Port redirector and simple access to sockets from Scripts.
    • [html] iptraf LAN statistic utility for Linux
    • [dir] btng Beholder, The Next Generation RMON compliant Ethernet monitor
    • [dir] smb-nat SMB Network Analysis Tool (1.0 and 2.0beta)
    • [ftp] ADMsmb ADM smb is a security scanner for Samba/LAN Manager Server Message Blocks/Window Shares from the ADM CreW
    • [html] PortScanner a simple TCP Portscanner
    • [html] DOSTracker MCI's DOSTracker can recognize and trace quite a few Denial-of-Service attacks on Cisco networks back to the entry point of the attack.
    • [html] queso Queso identifies operating systems via the TCP packet signature
    • [html] SmbScanner SMB (Windows Share) Scanner by !Hispahack
    • [html] traffic-vis can visualize amount of traffic on IP networks between hosts
    • [dir] icmpquery handy C program to query netmask and time of a remote host via ICMP from David G. Andersen
    • [html] exscan strobe port scanner which identifies the running services.
    • [html] hping TCP pinger, can analyse networks and hosts (on a TCP Flag level :). Very interesting tool to test TCP/IP stacks. Spoofed scanning is possible with it.
    • [html] BSB-Monitor simple network monitor which scans network and outputs a result HTML page.
    • [ftp] iputils by Alexey Kuznetsov can be used to debug network problems with ping/traceroute/arping/tracepath (MTU discovery)/clockdiff (supporting IP Timestamps)
    • [html] Calamaris squid log analyzer
    • [html] yapm yet another ping monitor can ping a list of hosts and show the results on web pages.
    • [html] ntop shows network usage in curses (top like) or on web, is libpcap based and cool.
    • [html] nstreams Nstreams is a program which analyzes the streams that occur on a network. It displays which streams are generated by the users between several networks, and between the networks and the outside. It can optionally generate the ipchains or ipfw rules that will match these streams, thus only allowing what is required for the users, and nothing more.
    • [html] nikto Extensible Perl script to scan Web Servers and CGIs to gather information and check for common vulnerabilities.
  4. Host Security Scanners
    • [html] satan Scanner with Web Frontend from Dan Farmer and Wietse Venema (look at his papers and tools)
    • [html] gate. modular Linux Scanner Uses a user-friendly Curses GUI. (by tishina, not supported anymore)
    • [html] EARS (Emergency Audit Response System) is one of the first efforts in development of a single system working to identify, monitor and respond to abnormal system/user/network behavior (such as hacker intrusions) on a distributed level, in real-time. (by tishina)
    • [html] saint scanner based on Satan (not really free)
    • [html] COPS a Un*x host security tool from Dan Farmer
    • [txt] Tiger 'tiger' is a set of scripts from TAMU [dir] that scan a Un*x system looking for security problems, in the same fashion as Dan Farmer's COPS.
    • [html] SARA Security Auditors Research Assistant, based on the SATAN model
    • [html] OpenVAS a security Scanner for Linux and Windows (based on Nessus and Gnessus)
  5. Dumping, Sniffing and Network IDS
    • [ftp] tcpdump - uses [ftp] libpcap to capture network packets
    • [html] sniffit - Packet Sniffer ([mail] Brecht Claerhout)
    • [html] epan - offline protocol analyser for tcpdump ([html] Peter Tobias)
    • [ftp] tcpshow - reformats tcpdump output ([mail] Mike Ryan)
    • [html] ITA - List of software in the Internet Traffic Archive, used to analyse, simulate and anonymize traffic
    • [html] Argus - CMUs Network Monitoring Tool. Note: Argus 1.7 is ported to a lot of architectures, but it is not Free anymore.
    • [html] karpski A Gtk based sniffer with a nice GUI, well suited for ARP monitoring
    • [html] ethereal it's a utility that lets you capture and analyze network traffic. Based on GTK.
    • [html] IPAC IP Accounting Frontend to ipfwadm
    • [txt] netlog TAMUs network logging toolkit [dir] including logging monitors for UDP and TCP, an extractor, and [txt] netwatch a real time network monitor
    • [html] KSniff KSniff is a packet sniffer/analyzer developed for the KDE project which supports plugins written in TCL.
    • [html] Gnusniff GTK based multithreaded Sniffer, aims to be cool looking and easy to use.
    • [html] ippl logs icmp, udp and tcp packets multithreaded. Can be configured with apache style rules and uses a DNS cache
    • [html] XIP protocol analyzer / nice graphical tcpdump akin to Ethereal
    • [html] ngrep a network "grep" like utility to capture data. Can be used to look at the payload, too.
    • [html] Perro three daemons to log ICMP, UDP and TCP Connections
    • [html] Snort Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis. See the nice resource page about sec info, too.
    • [html] scanlogs Solar Designer's port scan detector from Phrack 53.
    • TODO:
    • [html] IPAudit libpcap based connection logger, builds summary of all in promisc mode captured sessions
    • [html] aps simple text mode IP Packet Sniffer (for Ethernet on Linux)
    • [html] RazorBack SNORT Intrusion Detection Front-End. GNOME 1.2 Application adds a realtime visual indicator for SNORT Intrusion detection events. -Leigh Purdie, Intersectalliance
    • [html] WSA IBM's Wireless Security Auditor is a Linux Software for iPAQ PDA to easily audit the Security of an 802.11 wireless LAN. This site features the Software and even some basic info on the gaping holes in the 802.11 protocol (even in the WEP encryption). A must read for wireless LAN users.
    • ipgrab
    • icmpinfo
    • ESniff
    • net-acct
    • arpwatch
    • getethers
    • netwatch
    • trafshow
    • ip daemons
    • [html] SHADOW This is the Mother of Network Intrusion Detection Systems and still maintained with a large, experienced community of analysts. Good for forensics. License unclear?
  6. IP Filter, NAT, VPN, IP encryption See comp.dcom.vpn for discussions.
    • [html] CIPE Crypted IP Encapsulation (Daemon and Module for Linux). Very lightweight secure VPN Solution by Olaf Titz
    • [html] CIPE-Win32 Sourceforge Project which brings CIPE VPN Software to the Wintel platform. Great!
    • [html] IP Filter TCP/IP Packet Filtering package for *BSD* based Systems and Linux including NAT, transparent Proxies and stateful screening.
    • [html] masq/masqd for Linux and [html] winmasq the win32 frontend from Jaume Miralles.
    • [html] ipfwadm paper about Linux built-in packet filter by Jos Vos.
    • [html] The Linux FreeS/WAN Project with IPSEC & IKE
    • [html] SINUS Firewall dynamic stateful packet filter for Linux (sf firewall, sifi).
    • [html] Linux IP-NAT Forum real RFC NAT with Linux 2.0 from Michael Hasenstein
    • [html] VPN for OpenBSD in the current-tree of OpenBSD you can find an IPsec implementation and a photurisd key management daemon. This is documented in [html] vpn(8).
    • [html] ppptcp Tunnel PPP over an arbitrary TCP connection
    • [txt] PPP on top of SSH simple scripts to build a VPN based on SSH
    • [html] drawbridge TAMU's Filtering Bridge, a firewall Solution. Old Versions were running on DOS, the current version [dir] is running on FreeBSD.
    • [html] VPS Virtual Private Server for building VPNs based on PPP-over-SSH
    • [html] jlip jlip is a SLIP-driver with additional features like one logical link over many physical lines (multiline), IP-over-TCP tunnelling with public key hosts authorization (elliptic curves) and data encryption (blowfish with 112-448 bits key) for VPNs (Virtual Private Networks). It currently works under FreeBSD only and there are no English docs. A Russian to English translation is welcome.
    • [html] NRL IPv6+IPsec Software Distribution
    • [html] Linux Virtual Server load balancing by LinuxDirector
    • [html] HTTPTunnel build data tunnels using the HTTP protocol (through firewalls) by Lars Brinkhoff
    • [html] vpnd uses Blowfish to build a secured tunnel between two Linux Boxes in user mode
    • [html] pipsecd
    • [html] tunnelv RSA/Blowfish based VPN Tunnel Daemon for Linux using ethertap
    • [html] ipchains the 2.2 Linux IP Filter. On this page you can find the HOWTO, a "ipchains-in-a-nutshell" summary and the libfw, which can be used to manipulate and use the kernel filter from user space.
    • [html] netfilter/iptables the 2.3-2.5 Linux Packet Filter Framework from the ipchains co-author Paul Russell
    • [html] Fwctl high level rulesets can be used to construct ipchains chains, very nice (perl) tool from Francis J. Lacoste at iNsu Innovations. inc. Can be used on RH or Debian Systems to configure an ipchains firewall on boot.
    • [html] Zebedee establishes an encrypted tunnel for TCP connections on win32 and Unix. Can tunnel multiple TCP connections and add optional bzip2 compression.
    • [html] taptunnel ethernet tunnels for the Linux tap device (over TCP with 3DES support)
    • [html] SPF a "Stateful" packet filter based on dynamically entering ipchains rules from a user mode daemon (getting events via netlink).
    • [html] LinuxVPN Masquerade very good resource on Masquerading VPN Clients and Servers (IPSEC, SSH, PPTP) with Linux. Useful links to tools and kernel modules. Thanks John Hardin!
    • [html] Return-RST User mode Daemon which returns RST packets for denied connections with Linux 2.2 IPChains. (Note: netfilter with Linux 2.4 supports this out of the Box)
  7. Crypto+Privacy
    • [html] GnuPG - The GNU Privacy Guard, a free PGP (2.6, 5.x, OpenPGP)
    • [html] psst... A free Secure Shell Implementation
    • [html] CTC is a freeware PGP-interoperable encryption software package (including a PGP lib and a Mac Client)
    • [html] SSLapps FAQ about applications based on SSLeay
    • [html] SRP Telnet and FTP Secure Remote Password Project
    • [html] Nautilus Secure voice conversation
    • [html] PGPPhone Freeware Voice-over-IP Solution for Win32 with PGP security
    • [html] Cryptonite pure Java package for strong encryption
    • [html] gPGPshell gtk-interface to PGP and GnuPG
    • [html] Oscar a project aimed at designing and constructing a public key certification system. The system will include all necessary components, including a Certificate Authority, Certificate repository and client interface. The Oscar project aims to conform to existing and emerging standards such as the IETF PKIX, OSI X.509, and RSA PKCS standards. Oscar stands for Open Secure Certificate ARchitecture.
    • [html] MindTerm ssh client Java Applet (GPL) including RSA, DES, 3DES, RC4 and Blowfish and classes for ssh server.
    • [html] ORBit-SSL Opensource Project to add CORBASEC Features to the ORB used by GNOME by Rainbow Diamond
    • [html] slush the slush project tries to generate a secure remote login based on SSL/TLS and X.509
    • [html] pyCA Tools to run a CA based on OpenSSL and Python, from Michael Stroeder
    • [html] OpenSSL The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  8. Superservers and TCP Wrappers
    • xinetd
    • UCSPI tcpserver
    • tcpcontrol
    • TCP Wrapper
    • [dir] g2s An interesting inetd replacement including tcpwrapper/chrootuid/relay
    • [html] tcp_server small and simple tcp server
    • [html] smstart sendmail starter without root privileges
  9. Proxies (and Cache)
    • API-level Emulators and Proxies
      • [html] usocksd User-Mode Socks5 Daemon
      • [html] Dante circuit-level firewall/proxy (socks4,5 and experimental MS Proxy client) under BSD/CMU-style license
      • SOCKS 4+5, ssocksd
      • term
      • slirp
    • Port Forwarders
      • [html] rinetd redirects multiple tcp connections to remote hosts (behind the firewall) from Thomas Boutell at Boutell.Com, Inc
      • [dir] redir simple TCP Port redirector
      • netcat See description in Section Network Scanning
      • socket The program implements access to TCP sockets from shell level.
      • [html] plugdaemon Daemon to redirect connections, with some support for load balancing from Peter da Silva
      • [dir] uredir simple udp redirector
    • FTP
      • [html] SuSE Proxy-Suite a set of programs to enhance firewall security. The first (and currently only) component being released is the FTP-Proxy.
      • [html] jftpgw FTP Proxy including support for transparent proxy on Linux 2.4.x and a Gateway to sshd Servers with FTP Clients.
      • [html] Frox A small transparent FTP Proxy for Linux. Optional Support for direct login and cache via external HTTP Proxy.
    • Mail
      • [ftp] IspMailGate a general-purpose email filter integrated into sendmail, written in Perl and based on the MIME-tools. (not really free)
      • [html] smtpd/smtpfwd Free Store+Forward SMTP Relay with Header-Filtering
    • Secure Tunnels
      • ssh (not really free)
      • [ftp] sslwrap inetd redirector for SSL to unsecure services like POP3 or HTTP
      • [html] stunnel SSL wrapper like sslwrap can run from inetd or standalone, can wrap remote services
      • See delegate
      • [html] netpipes makes TCP/IP streams usable in shell scripts. Includes a ssl-wrapper in the US/Canada Version
      • [dir] edssl Security enhancement daemon (SSL wrapper)
      • [html] Virtual TUNnel easy and modular solution to create tunnels in usermode with traffic shaping, compression, and encryption.
    • HTTP (and CONNECT for SSL)
      • Web-Servers which are able to act as an HTTP Proxy: [html] Apache, [html] W3C httpd (CERN), [html] Jigsaw (the W3C's Java Server), [html] Roxen. (See the Section in Yahoo!)
      • [html] WebFilter is a extension to the CERN Proxy for Content Filtering (like Advertising)
      • [html] Squid - powerful Internet Object Cache
      • [html] WWWOffle Proxy optimized for Offline Browsing
      • [html] The Internet Junkbuster standalone Proxy which can filter Content from Web Pages
      • [html] Muffin HTTP (SSL connect) Proxy written in Java with Filter capability
      • [html] RabbIt filtering Web-Proxy in Java, especially for slow lines, can produce lowres images on the fly
      • [html] tinyproxy small proxy for http. Does not cache and can be run in anon mode
      • [html] twhttpd twhttpd is developed, in a sense, to help protect web servers (and web browser clients) by checking the HTTP protocol header data. The design already takes most modern web-based attacks into consideration and hence can protect most web servers without very in-depth knowledge of the attacking techniques. On the other hand, the script-like configuration file also makes the proxy flexible enough to fit into many different special environments.
      • [html] httpf A WWW Security Proxy (in C using POSIX threads) for filtering HTTP and HTML to only forward allowed/harmless content.
    • NNTP (News)
      • [html] Acme.Nnrpd multithreaded Java NNTP Proxy
    • Misc Protocols
      • [html] ByPRoxy A personal Proxy for Filtering Internet Access (HTTP, SMTP, POP3, NNTP) (not really free)
      • [html] tircproxy A Proxy for IRC (Internet Relay Chat) featuring DCC support by Bjarni Einarsson
      • [html] DeleGate Proxy/Cache/conversion/server for multiple protocols (FTP, Gopher, HTTP, NNTP, POP, SMTP, Telnet, Wais, X, LDAP, LPR, CU-SeeMe, Socks, ICP, SSL) runs on different platforms.
      • [html] xgate allows X11 connections through one-way firewalls like socks.
      • [html] FreeTDS free implementation of Microsoft's and Sybase's TDS (Tabular DataStream) database client access protocol
      • [html] bnc a simple irc bouncing (proxy) tool
      • [html] OpenH323 Project produces a code lib to handle H.323 (internet telephony). Can be used to build a secure Proxy.
      • [html] Juniper Firewall Toolkit from Obtuse Systems Corporation (now open source!).
        Utilities from Obtuse.
      • [html] stone small application proxy to redirect TCP and UDP, optional Support for SSL and HTTP Proxies. Can act as an HTTP Proxy, POP/APOP converter and supports win32 and unix.
      • [html] Bluetail Mail Robustifier load balancing for POP/SMTP/IMAP (commercial with trial dl)
      • [html] oops HTTP/FTP Proxy with cache in raw data partitions, ACLs and small footprint
      • [html] JonAMA a SSL enabling reverse proxy for multiple services (threaded) supporting CA and CRL checks
      • [html] FK Free Replacement for the famous FWTK (formerly from TIS).
      • [html] Astaro Security Linux commercial distribution for a point+click firewall. Rumors are that it is not really secure and not really free. The license for "Astaro-OSS" is well hidden, but you can find it here [html]. Installation requires deleting all data on the hard disk.
      • [html] SmoothWall GPL A Firewall/VPN Installation featuring easy install/configuration with Web Frontend. Completely GPL. (Including FreeSWan, Linux 2.2, DHCP, ADSL Support, SSH Applet, Port Forward, ISDN4L). The fact that IPCop is a spin-off may show problems in the project?
      • [html] IPCop SmoothWall GPL fork.
      • [html] contains a lot of malware/anti virus projects like samba-vscan (on-access scanner for Samba VFS).
      • [html] Kaladix Yet another secure Linux distribution from Germany, featuring Crypto and RSBAC.
  10. Authentication and Directory Services
    • [html] xtacacs an extended Version of Cisco's TACACS Server by Vikas Aggarwal
    • [html] Cistron RADIUS server by Miquel van Smoorenburg
    • [html] Mig's RADIUS Labs some summaries on the Linux-radius list
    • [html] Lucent RADIUS RADIUS Whitepaper, FAQ and Server
    • [html] RADIUS Services for NDS Novell offers this for free download
    • [html] RADIUS Services for NDS German intro at the LRZ Munich
    • [html] Basic Merit AAA Server The Server formerly known as Merit Radius Server
    • [html] LDAP at U-M free Server and Clients for LDAP and X.500
    • [html] Linux directory services integrating LDAP into Linux (as a replacement for NIS)
    • [html] Innosoft's LDAP World Implementation Survey including free implementations
    • [html] GAP the General Authentication Protocol by Olaf Titz.
    • [html] ident2 rewrite of an identd/auth protocol server
    • [html] OpenLDAP LDAP Tools based on the UMich's LDAP
    • [html] Simple Distributed DataBase (SDDB) a system designed to hold network directory type information across multiple machines. It is designed to be an intranet level service rather than an internet level one. It allows updates to occur in multiple places (separated by WAN links) and yet the data to be merged into one seamless directory.
    • [html] OPIE One Time Passwords in Everything from NRL IST's good OTP Page
  11. Intrusion detection
    • Host Based (Auditing, Anomaly Detection)
      • [html] lids Linux Kernel based intrusion detection, can seal and lock down processes, filesystems and files. Secure them from modification and monitor access by a kernel module. From the Linux IDS Project.
      • [html] Samhain Besides being an excellent file integrity checker, it offers some more checks and features cryptographic security (tamper, spoofing) in distributed installations
      • [html] Snare Host Based IDS ([html] Article by 8Wire). GPL Linux Kernel Module for audit trails and GUI.
      • [html] St. Jude Linux Kernel Level IDS to protect the integrity of the host by detecting improper privilege elevation/transition.
      • [html] ImSafe Monitors applications on Linux and does heuristics and analysing of normal behaviour. The goal is to detect new/unknown attacks on network services.
      • [html] Free Agents DIDS agent based distributed intrusion detection system (alpha as of 01/2002)
    • File Integrity Checking
      • Tripwire
      • [html] NCSfck file integrity checker (like tripwire)
      • [html] Nannie It monitors system files for change in inode, size, etc. and notifies you if a change occurs.
      • [ftp] l5 Hobbits file integrity checker
      • [html] l6 L6 is a file data integrity checker using both the MD5 and SHA-1 hash algorithms. This tool can detect file tampering based on hashes generated by both algorithms and other inode information (not as reliable though). It also provides a useful, lightweight and flexible interface (written in perl) to verify file data integrity, and the output and functionality resembles that of L5. (By Patrick Gilbert)
      • [ftp] bsign embeds hash and/or digital signature in ELF files
      • [html] Advanced Intrusion Detection Environment AIDE is a free replacement for Tripwire (file integrity checker)
      • [html] chkrootkit Checker for known Rootkits
      • [html] debsums Debian checksum checker
      • [html] Integrit File Integrity Checker with own Database, periodically checks for attribute and checksum changes. Nice daily reports by mail.
    • Attack Detection
      • Gabriel
      • tocsin
      • courtney
      • [html] Abacus Project with PortSentry (Port Scan Detection and Active Defense System) and HostSentry (Host based login anomaly detection and response tool) and Logcheck (for syslog, TIS, tcpd and abacus logfiles)
        Note the limited commercial redistribution! Note also, that PortSentry Counter Measurements and listen() Mode (non-Unix) are not recommended. See for example [html] PortSentry/Snort Compared.
      • [html] FakeBO fakes Back Orifice server responses and logs every attempt to a logfile or stdout
      • [html] Shadow Project Building a Network Monitoring and Analysis Capability Step by Step (from SANS' Cooperative Intrusion Detection Evaluation and Response (CIDER) Project)
      • [html] hunt tool to do connection hijacking detection, arp-spoofing detection, mac discovery and connection watching by Pavel Krauz
  12. Network Management, Data Collecting
    • [html] gxsnmp the GNOME Network Management Application. On this page you find some good links to SNMP Solutions
    • [html] Scotty and Tkined Tkined is a small and nice network management station based on Scotty, which extends TCL with interesting network capabilities.
    • [html] Hummingbird Project distributed data collecting with Postgres SQL backend
    • [html] Pong3 system management tool
    • [html] ucd-snmp SNMP suite from the UC Davis, including support for Linux ipfwadm
    • [html] psntools managing a great number of user accounts at a site
    • [html] PIKT PIKT is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations.
    • [html] cheops GTK network shell which maps hosts and offers tools to work on them, uses portscanner and queries OStype
    • [html] lanlord dhcpd lease reporting program designed to let you know who has what address lease to which machine. It runs on the DHCP Server as a CGI and uses CSS to modify output.
    • [html] traffic-vis traffic-vis is a network monitoring/auditing tool. It is based on the desire to have a free (GPL) tool which can graphically plot communications between hosts on a TCP/IP network and quickly answer questions such as Who is saturating our Internet link? :) It is developed by Damien Miller and uses libpcap
    • [html] DEMARC Web Frontend for monitoring network (services), hosts. Also has hooks to Traffic Stats and IDS.
    • [html] NetSaint Another Web based Network Monitoring System. Written in C for Linux. See some more tools like that on [html] the others monitor page of the netsaint doc.
    • [html] Big Sister Yet another Web based Monitoring Solution, clone of Big Brother. Runs on *nix and Windows.
    • [html] OpenNMS It is yet another Web Frontend for Network Management. It is special because it is based on J2EE Technology. It supports some Asset management and, in contrast to the other Network Management Systems, it understands about "Interfaces" of "nodes".
  13. Logging & Log Analysis
    • swatch
    • [html] Logcheck Fast and Reliable Log File Auditing (not really free)
    • [html] wots WOTS is a logfile monitoring utility written in perl5. It's based on swatch but is brand new.
    • [html] squij analyse squid logfiles for refresh pattern setting
    • [html] logscanner a logscanner which can perform realtime notifications
    • [html] nlog nmap 2.x log management and analyzer toolkit.
    • [html] logsurfer logfile analysis tool from Wolfgang Ley
    • [html] firesoft tar archive with perl scripts to analyze ipchains and snort logfiles. Can even generate a bar graph for a quick overview.
    • [html] BackLog WinNT Eventlog to Syslog converter. Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information. All three event logs (Application, System and Security) are monitored, and event information is converted to comma delimited text format, then delivered over UDP to a remote server. -Leigh Purdie, Intersectalliance
  14. Firewall Configuration and Administration UI
    • [html] FCT Firewall Configuration tool can generate ipfwadm and IPFilter Rules
    • [html] ipfwadm dotfile module makes setting up of ipfwadm files for simple installations easy. John Hardin wrote that module for Jesper Pedersen's [html] Dotfile Generator.
    • [html] Mason shellscript which generates ipfwadm rules by sniffing actual traffic patterns ([mail] William Stearns)
    • [html] DNi IP Filtering Firewall script for dial-up users based on javascript for Linux' ipfwadm
    • [html] Fake replace existing systems with backup servers (hot spare backup systems)
    • [ftp] TkFirewall full control over Linux' network filters (by a GUI for categories)
    • [html] gfcc GTK++ Firewall Control Center. Very nice GTK based GUI to generate ipchains filter entries for the ip packet filter in Linux 2.2 kernels.
    • [html] filterrules tests firewalls for active filter rules and outputs them reliably.
  15. Operating Systems (Kernel, Patches, Extensions, Hardening, Compiler, Libs)
    • [html] Linux
    • [html] FreeBSD
    • [html] OpenBSD pretty secure OS
    • [html] NetBSD
    • [html] Rule Set Based Access Control for Linux
    • [html] Titan is a collection of programs, each of which either fixes or tightens one or more potential security problems with a particular aspect in the setup or configuration of a Solaris/Unix system. Conceived and created by Brad Powell, it was written in Bourne shell, and its simple modular design makes it trivial for anyone who can write a shell script or program to add to it, as well as completely understand the internal workings of the system.
    • [html] etherboot make Linux Boot ROMS
    • [html] netboot With the Netboot package you can boot a computer with an Intel processor via an IP network without accessing a harddisk or diskette.
    • [html] OSKit a development kit lets you easily build your own kernel that can run on bare hardware. It has lots of component libraries and example kernels, and has almost everything you need to build a new OS.
    • [html] OpenBIOS only a BIOS you have the source for can help you check the integrity of your IT Security solution. Check out the Project.
    • [html] The Gibraltar Project from tries to build a Firewall Distribution based on Debian GNU/Linux (which is bootable from CD)
    • [html] Click new modular software router (usermode or linux kernel). Flexible Configuration. Visit the Site and get the papers to understand Routing Issues!
    • [html] StackGuard The modified C Compiler from Immunix to defend against Buffer Overflow Exploits. It is the base of the Immunix Distribution.
  16. Small and Micro Sized Systems (one Disk, CD) + FW Distribution
    • dmoz:Computers:Software:Operating Systems:Linux:Distributions:Tiny
    • [html] project which builds a toolkit for harddisk-less routers based on Linux
    • [html] Thin Linux Project another mini Linux Distribution for embedded applications
    • [html] muLinux
    • [html] hal91 Floppy Linux
    • [html] DLX Single Floppy Linux Distribution
    • [html] LOAF Linux on a Floppy
    • [html] tomsrtbt "The most Linux on 1 floppy disk."
    • [html] PicoBSD Small FreeBSD
    • [html] The EDGE Router Project by FirePlug: small basic firewall based on ThinLinux
    • [html] Trinux A Linux Security Toolkit. Boot-Disks with some Scan/Sniff Tools
    • [html] floppyfw
    • [html] Xdenu a small Linux distribution kit.
    • [html] One Disk Linux Howto
    • [html] pocket-linux
    • [html] Small Linux Big Enough
    • [html] fluf (cz)
    • [html] CCLinux
    • [html] LinuxEmbedded
    • [html] Traveller's Linux
    • [html] Tiny Linux small Linux distribution (for reusing old computers)
    • [html] Zdisk rescue disk with chooseable Linux kernel
    • [html] Vector Linux Small distribution (can install major package formats)
    • [html] PeeWeeLinux small distribution for embedded applications and floppy-base systems.
    • [html] Finnix bootable Linux CD distribution
    • [html] Freshmeat Index of Mini Distributions
    • [html] fli4l Easy to use ISDN/DSL-Router, Firewall on a Disk. Including modules and single config file configuration (including a Win32 Wizard). Web Page is available in German and English.
    • [html] KNOPPIX Bootable Linux (Debian based) CD with good Hardware Detection, a complete System on a compressed Image. Includes Rescue Tools, Network Auditing, ...
    • [html] ClosedBSD A FreeBSD based single floppy disk packet filter and NAT router for ethernet. Features a curses GUI. BSD style license
    • [html] theWall Another FreeBSD/PicoBSD based single floppy router with filtering and NAT function. It supports remote admin, but I wonder why "telnet" is mentioned on the home page of the project. Supports PXE netboot and Flash Usage.
  17. Static Code Analyzers
    • [html] Flawfinder Finds potential security flaws in C/C++ source code.
  18. Unsorted (TODO)
    • Freestone from SOS Corporation (not really free).
      Patches for security tools from SOS.
    • The Firewall Toolkit from TIS (not really free).
    • qmail a new, fast and secure Mail Transfer Agent.
    • RIGAT Remote Integrated Graphical Administration Tools (generic multi-protocol proxy collection)
    • BlackMail SPAM Protection
    • JNet collection of tools for Unix scripts
    • [html] Postfix the Mailer from Wietse (it is not yet Open Source, IBM has a restrictive licence on it)

